Best network config for Google Fiber, 2 Airport Extreme 6th Gen serving < 20 wireless clients

RichardF

macrumors 6502a
Original poster
Oct 27, 2006
566
73
New York City
Hello friends,

May I please ask you guys for some help?

What's the best set-up to optimize speed and surface coverage with these elements?

2 story home over 2,000sq wired throughout with Cat6 and an Ethernet port in each room.

Google Fiber, internet only (no TV)
> Google modem/ router required for VLAN tagging?
> Google modem/ router with WiFi turned off
> (2) AirPort Extreme 6th Gen running 7.7.9
> less than 20 wireless clients mix: IEEE 802.11 g/n (SONOS 5.1 set-up + speakers in each room, D-Link camera, laser printer/ scanner etc) + all (6) Apple products support IEEE 802.11ac
> 2 LAN wired devices (Lutron and Philips Hue bridge) plugged into the Google Modem/ router

All devices running latest avail firmware/ software version from their respective OEMs.


It seems the g/n devices will slow down the wireless network overall which is another thing to consider besides the network layout. So set-up a dedicated SONOS network for instance?

Thank you! Looking forward to the feedback.
 

techwarrior

macrumors 65816
Jul 30, 2009
1,110
395
Colorado
AP Extremes configured as Access Points (bridged mode) connected to the LAN via CAT 5e\6. Put as much distance as you can between them to minimize overlap and increase range.

The AC Extremes have separate radios for 2.4Ghz (b\g\n clients) and 5Ghz (n and ac clients). The AC clients will not be slowed by the presence of b\g\n clients if the SSID are separate. So, when setting up Wireless, use something like NETWORK (2.4Ghz) and NETWORK5G (5GHz) for the SSID and configure b\g\n clients with lower bandwidth requirements to use NETWORK. Clients that need more bandwidth and support ac or n can use the NETWORK5G SSID. Passwords can be the same on both, but traffic will remain isolated.

Also, anything that can use the hardwired network, do so. That preserves the airwaves for clients that cannot connect via Ethernet.
 

RichardF

macrumors 6502a
Original poster
Oct 27, 2006
566
73
New York City
Thank you so much @techwarrior !

Off (Bridge Mode) confirmed on both.
Currently only one of my two AEs is set to "Create a wireless network".
I will set the second one I got today to "Create a wireless network" instead of "Extend a wireless network".

Under "Wireless Options..." in Airport Utility, I will turn on "5GHz network name" on both before changing the SSID to the 5GHz network on all clients capable of n or ac bandwidth.

The same complex 29 characters-long SSID password is used for both.
Is having such a long password placing an unnecessary burden on all devices involved without much benefit RE: security?

Both AEs will be connected to the ethernet jack in their respective rooms which is connected to the Google Modem/ Router via cat6.

I am seeing many people "move on" to mesh networking.
What's the difference between setting up AEs throughout a space vs using a mesh set-up like many OEMs starting selling?

I have had the AmpliFi by Ubiquiti in my Amazon cart for over 6 months. Am I missing out?
Never felt compelled to buy it: I love the AE.
It's so good and rock solid in my experience.
Very annoyed Apple decided to leave the space.

Finally, is there anything I can/ should do to bypass the Google modem/ router in terms of privacy?
Any other thoughts regarding Google Fiber? Or changes I can make to my configuration (DNS etc)?
I am thinking it is futile anyway in this day and age but thought I'd ask since I don't know what I don't know.
 

techwarrior

macrumors 65816
Jul 30, 2009
1,110
395
Colorado
What's the difference between setting up AEs throughout a space vs using a mesh set-up like many OEMs starting selling?
Mesh typically uses a dedicated radio for uplinks between Access Points. Since you have Ethernet drops in all rooms, the 1Gbps WAN ports on the AEs will uplink to each other\router at 1Gbps. Mesh may not achieve full 1Gbps on uplinks, depending on distance, interference, etc. Mesh is designed to be "simple" for expanding a network without wires, but any product that tries to do all of the above tends to lack in most areas.

Is having such a long password placing an unnecessary burden on all devices involved without much benefit RE: security?
WPA2 is fairly secure, long\complex passwords are always better than short if your network is exposed to a lot of neighbors (dense urban areas for instance). The trade off is complexity setting up devices, but that is a one-time thing typically.

Finally, is there anything I can/ should do to bypass the Google modem/ router in terms of privacy?
Any other thoughts regarding Google Fiber? Or changes I can make to my configuration (DNS etc)?
Sorry, can't help there, I try to avoid Giggle for the most part and have no knowledge of their Fiber offer. If you are concerned, maybe consider VPN services. Not sure if their "Router\Modem" unit can be placed in bridge mode and promote one of the AEs to Router, but you are still going over their network, I suspect they capture everything to\from your home regardless.
 

RichardF

macrumors 6502a
Original poster
Oct 27, 2006
566
73
New York City
Super useful @techwarrior - I appreciate your help. Thank you!

Will use for some time and report back with feedback.

Before:

Screen Shot 2018-11-13 at 20.41.23.png


After:



Screen Shot 2018-11-14 at 14.57.15.png


Hopefully this will help others in a similar situation to mine.
 
Last edited:

RichardF

macrumors 6502a
Original poster
Oct 27, 2006
566
73
New York City
One more thing... :)

I came across this article recommending IPv6 Connection sharing be disabled.
Why is that? Why was that causing issues for that person?

I checked and that box was checked on my first AE but not in the AE I just got yesterday.
So I unchecked in the first AE.


"For OS X, launch the AirPort Utility (found in Applications > Utilities), click on the AirPort, click Edit, click the Internet tab, then click Internet Options. Find the Enable IPv6 Connection Sharing check box (see below) and uncheck it."

https://www.appleworld.today/blog/2015/12/18/how-changing-one-setting-on-an-apple-airport-extreme-fixed-all-of-my-network-problems
 

techwarrior

macrumors 65816
Jul 30, 2009
1,110
395
Colorado
One more thing... :)

I came across this article recommending IPv6 Connection sharing be disabled.
Why is that? Why was that causing issues for that person?

I checked and that box was checked on my first AE but not in the AE I just got yesterday.
So I unchecked in the first AE.


"For OS X, launch the AirPort Utility (found in Applications > Utilities), click on the AirPort, click Edit, click the Internet tab, then click Internet Options. Find the Enable IPv6 Connection Sharing check box (see below) and uncheck it."

https://www.appleworld.today/blog/2015/12/18/how-changing-one-setting-on-an-apple-airport-extreme-fixed-all-of-my-network-problems
I guess I have never had that setting enabled, Sounds like maybe Apple had issues with IPV6 routing.
 

Mikael H

macrumors 6502a
Sep 3, 2014
643
277
One more thing... :)

I came across this article recommending IPv6 Connection sharing be disabled.
Why is that? Why was that causing issues for that person?
That may have been an issue with an older firmware. Unless you're experiencing concrete routing problems I see no reason to turn off that feature.
 

RichardF

macrumors 6502a
Original poster
Oct 27, 2006
566
73
New York City
That may have been an issue with an older firmware. Unless you're experiencing concrete routing problems I see no reason to turn off that feature.

I don't think I was having issues with it being enabled. I suspected that my SONOS speakers losing connectivity mysteriously here and there was due to something in the network but didn't suspect this.

Could you please explain the "sharing" part? I don't understand the concept and what this is supposed to do.
 

Mikael H

macrumors 6502a
Sep 3, 2014
643
277
I don't think I was having issues with it being enabled. I suspected that my SONOS speakers losing connectivity mysteriously here and there was due to something in the network but didn't suspect this.

Could you please explain the "sharing" part? I don't understand the concept and what this is supposed to do.
I don’t know how much you know about Internet protocols, so I’ll start with that:
IPv4, which is what most of the world currently uses, was defined early enough that people believed that allowing a couple of billion devices to communicate freely on the Internet would be enough for the foreseeable future. It was, but as usual the future came faster than they thought.
Here we are, with most of the world connected to the Internet, and so the service providers must cheat to allow everybody to make a connection, by forcing most devices to be stuck in private networks behind a publicly-facing gateway (using Network Address Translation, or NAT).

IPv6 solves this problem by allowing every device to have a routable address, meaning that anything in your home potentially can act as a server without being forced to go through third-party services. (And before you ask: no, security is not compromised compared to IPv4, since you still have a router/firewall in front of your network, which still denies access to everything you don’t explicitly want to present outwards.)

So to answer your question:
When your ISP decides to also provide IPv6, if you have a valid IPv6 configuration in your Airport device, and you have IPv6 connection sharing turned on, all up-to-date devices on your network built in the last ten years or so should receive native IPv6 addresses and, according to standards, prefer that protocol over IPv4. If a service is only available over IPv4, the older protocol will be used instead.
 

RichardF

macrumors 6502a
Original poster
Oct 27, 2006
566
73
New York City
Thank you @Mikael H !

Understood. What you wrote helped me steer my IPv6 searches and I found this to explain what that setting does in the Airport Extreme.

It sounds like I should leave that setting unchecked since I have the Google box in front of both the Airport Extreme and that the box presumably should/ will handle assigning an IPv6 address to the devices on my network that support it.

From: https://discussions.apple.com/thread/8007787

  • For Internet Options > Configure IPv6:
    • Automatically = The base station is enabled as a auto-assigned DHCPv6 client.
    • Manually = The base station's IPv6 settings must be statically-assigned by the administrator.
    • Link-local only = The base station's DHCPv6 client mode is disabled.
  • For Internet Options > Enable IPv6 Connection Sharing:
    • (enabled) Enables the base station's DHCPv6 server.
    • (disabled) Disables the base station's DHCPv6 server.
The key here is there is no NAT functionality with IPv6. As such, if you want the downstream base stations to "pass through" the IPv6 addresses from the "main" base station's DHCPv6 server, then you would want to set Configure IPv6 for "Automatically" and leave the "Enable IPv6 Connection Sharing" option disabled.
 
Last edited:
  • Like
Reactions: Mikael H